<?php
class user {
	private $mysql;

	public function __construct ($mysql) {
		$this->mysql = $mysql;
	}

	public function checklogin ($username, $password) {
		$user['successful'] = 0; // false
		$result = $this->mysql->query (sprintf ('SELECT `User_id`, `UserLevel_id`, `User_name`, `User_email`, `User_address` FROM `User` WHERE `User_name`=\'%s\' AND `User_password`=MD5(\'%s\');', $this->mysql->real_escape_string ($username), $this->mysql->real_escape_string ($password)));
		$len = $result->num_rows ();
		if ($len != 0) {
			$user = array_merge ($user, $result->fetch_array ());
			$user['successful'] = 1;
		}
		$result->free_result ();
		return $user;
	}

	public function checkemail ($email) {
		$len = strlen ($email);
		if ($len < 5) {
			//Email too short
			return 1;
		} else if ($len > 255) {
			//Email too long
			return 2;
		} else if (!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/", $email)) {
			//Email address is not correct
			return 3;
		} else {
			$result = $this->mysql->query (sprintf ('SELECT * FROM `User` WHERE `User_email`=\'%s\';', $this->mysql->real_escape_string ($email)));
			$len = $result->num_rows ();
			$result->free_result ();
			if ($len != 0) {
				return 4;
			}
		}
		return 0;
	}

	public function checkusernameisexist ($username) {
		$user['successful'] = 0;
		$result = $this->mysql->query (sprintf ('SELECT * FROM `User` WHERE `User_name`=\'%s\';', $this->mysql->real_escape_string ($username)));
		$len = $result->num_rows ();
		if ($len != 0) {
			$user = array_merge ($user, $result->fetch_array ());
			$user['successful'] = 1;
		}
		$result->free_result ();
		return $user;
	}

	public function checkusername ($username) {
		$len = strlen ($username);
		if ($len < 2) {
			//Username too short
			return 1;
		} else if ($len > 64) {
			//Username too long
			return 2;
		} else if (preg_match("/[\`\-\=\[\]\\\;\'\,\.\/\~\_\+\{\}\|\:\"\<\>\?\ ]/", $username)) {
			//Username can not have any symbol
			return 3;
		} else {
			$user = $this->checkusernameisexist ($username);
			if ($user['successful'] != 0) {
				return 4;
			}
		}
		return 0;
	}

#	public function checkusername ($username) {
#	}


	public function lostpassword ($username, $email) {
		$err = 0;
		$user = $this->checkusernameisexist($username);
		if ($user['successful'] == 1 && strlen ($email) != 0 && strtolower ($user['User_email']) == strtolower ($email)) {
			$randomkey = md5 (uniqid ());
			$result = $this->mysql->query (sprintf ('INSERT INTO `ResetPassword` (`User_id`, `ResetPassword_key`, `ResetPassword_date`) VALUES (%d, \'%s\', NOW());', $this->mysql->real_escape_string ($user['User_id']), $this->mysql->real_escape_string ($randomkey)));
			$user['key'] = $randomkey;
		} else {
			$user['successful'] = 0;
		}
		return $user;
	}

	public function changepassword ($userid, $password, $oldpassword, $ismd5 = false) {
		$err = 0;
		if ($ismd5) {
			$result = $this->mysql->query (sprintf ('UPDATE `User` SET `User_password`=MD5(\'%s\') WHERE `User_password`=\'%s\' AND `User_ID`=\'%d\';', $this->mysql->real_escape_string ($password), $this->mysql->real_escape_string ($oldpassword), $this->mysql->real_escape_string ($userid)));
		} else {
			$result = $this->mysql->query (sprintf ('UPDATE `User` SET `User_password`=MD5(\'%s\') WHERE `User_password`=MD5(\'%s\') AND `User_ID`=\'%d\';', $this->mysql->real_escape_string ($password), $this->mysql->real_escape_string ($oldpassword), $this->mysql->real_escape_string ($userid)));
		}
		if ($result->affected_rows () != 1) {
			$err = 1;
		}
		return $err;
	}

	public function adduser ($username, $password, $email) {
		$err = 0;
		if (($err = $this->checkusername ($username)) != 0) {
#			print "checkusername";
#			print $err;
		} else if (($err = $this->checkemail ($email)) != 0) {
			$err += 4;
#			print "checkemail";
#			print $err;
		} else {
			$result = $this->mysql->query (sprintf ('INSERT INTO `User` (`User_name`, `User_password`, `User_email`) VALUES (\'%s\', MD5(\'%s\'), \'%s\');', $this->mysql->real_escape_string ($username), $this->mysql->real_escape_string ($password), $this->mysql->real_escape_string ($email)));
			if ($result->affected_rows () != 1) {
				$err = 9;
			}
			$result->free_result ();
		}
		return $err;
	}

}

?>